aboutsummaryrefslogtreecommitdiff
path: root/src/backend/executor/execMain.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/backend/executor/execMain.c')
-rw-r--r--src/backend/executor/execMain.c17
1 files changed, 16 insertions, 1 deletions
diff --git a/src/backend/executor/execMain.c b/src/backend/executor/execMain.c
index 60ded334c68..9d7bdb777c5 100644
--- a/src/backend/executor/execMain.c
+++ b/src/backend/executor/execMain.c
@@ -26,7 +26,7 @@
*
*
* IDENTIFICATION
- * $PostgreSQL: pgsql/src/backend/executor/execMain.c,v 1.335 2009/11/20 20:38:10 tgl Exp $
+ * $PostgreSQL: pgsql/src/backend/executor/execMain.c,v 1.336 2009/12/09 21:57:51 tgl Exp $
*
*-------------------------------------------------------------------------
*/
@@ -2068,6 +2068,11 @@ OpenIntoRel(QueryDesc *queryDesc)
Assert(into);
/*
+ * XXX This code needs to be kept in sync with DefineRelation().
+ * Maybe we should try to use that function instead.
+ */
+
+ /*
* Check consistency of arguments
*/
if (into->onCommit != ONCOMMIT_NOOP && !into->rel->istemp)
@@ -2076,6 +2081,16 @@ OpenIntoRel(QueryDesc *queryDesc)
errmsg("ON COMMIT can only be used on temporary tables")));
/*
+ * Security check: disallow creating temp tables from security-restricted
+ * code. This is needed because calling code might not expect untrusted
+ * tables to appear in pg_temp at the front of its search path.
+ */
+ if (into->rel->istemp && InSecurityRestrictedOperation())
+ ereport(ERROR,
+ (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
+ errmsg("cannot create temporary table within security-restricted operation")));
+
+ /*
* Find namespace to create in, check its permissions
*/
intoName = into->rel->relname;